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These p/oducts fail to create any ball 
scanning and run-time 

monitoring. SurfinShield employs run-time monitoring, 
SurfinGate uses static 

scanning, and Cage utilizes emulated run-time monitoring. 
Since static 

scanning is usually done on the server and run-time monitoring 
on the client, 

this imbalance also causes an imbalance between the of 
the server and the 

client. To distribute the l^ il between the client and the server 
evenly, the 

present inventor has determined that a combination of static 
scanning and 

run-time monitoring is needed. 



Brief Summary Text - BSTX <17): 

This disclosure is directed to an applet scanner that runs e.g. as 
an HTTP 

proxy server and does not require any client-side modification. 
The scanner 

combines static scanning and run-time monitoring and does not 
cause a heavy 

j'^^ on the server. It also does not introduce significant 
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overhead during the execution of applets. The scanner provides t 
configurable 

security policy functionality, and can be deployed as a 
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with appropriate modifications. 



Detailed Description Text - DETX (29): 

The digital signer component 58 digitally signs the applet (now 
JAR**), with a 

digital signature unique to the particular scanner 26, for 
authentication in 

the local domain. The applet JAR" is then transferred to the 
client machine 14 

for execution. Thus the only signature that a client needs to 
recognize is the 

digital signature of the signer component 58 in the scanner 26, 
This 

|> ^yeljlii^!||j;pifj^ simplifies system administration and reduces 



risks to 

unsophisticated users who might otherwise accidentally accept 
applets with 
unauthorized signatures. 
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electronic transactions environment. digital 
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transacting parties can be stored for future accelerated use 
(without having to 

repeat the verification process). Instead of a certificate cache 
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conventional system which can be compromised by adding a 
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I '^ S S certificate cache is provided in the system In 
accordance with the 

present invention. The certificate cache is typically 

resident in a 
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environment holds 

the |ij| |i^ S ^ I ^ ^ digital certificates which, by reason of the 
Interface, cannot 

be compromised. Once a digital certificate has l>een verified, an^ 
API command 
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